Reuters reports that FireEye traced tainted emails to recipients at five undisclosed European ministries. The emails contained attachments with official sounding titles, such as “US_military_options_in_Syria.” Once opened, the attachment uploaded a malicious code that allowed hackers to reconnoiter internal communications across compromised networks.

Just as the hackers appeared to be preparing to steal the data, they switched servers and shook FireEye off their trail. FireEye says it reported its findings to the Federal Bureau of Investigation.

It's a wonder to note that FireEye is run by a former NSA Chief. This could explain how the U.S. is able to get information from the G20 server but now it's trying to cover it's behind after being discovered from hacking European leaders.